AI Readiness Checklist for Corporate Legal Functions

www.cambrian.ai

This checklist is the result of ongoing consultations with General Counsel about how Artificial Intelligence (AI) is transforming both their business and the regulatory environment, creating unforeseen demands on corporate legal functions. Increasingly General Counsel are called upon to guide boards, c-suites, coworkers, and external stakeholders through AI-related ethical and legal risks arising from customer and supplier relations, internal operations, and regulatory action. In particular, AI requires an ethical and governance framework that is supported at board level and across the business.

Our consultations with General Counsel began in late 2018, when we began working with Cambrian Futures to host an intensive 1.5 day workshop devoted to General Counsel of large corporations. The workshop was held in Amsterdam in 2019, and identified a range of key challenges and potential best practices for managing AI-related risk. To read more about the findings from the workshop, please see our Report, Big Data and Big Brother: How General Counsel Cope with Artificial Intelligence in an Era of Economic Nationalism.

Following the workshop, we increasingly heard from General Counsel that they would like further guidance about steps to take to prepare the business for the use of AI both internally as well as by regulatory authorities. To this end, Lex Mundi held a webinar in January 2020, offering additional guidance about a governance framework for AI as well as insights about the intersection of AI and regulatory action. The webinar can be accessed online here.

Lex Mundi created an ad-hoc working group to develop this checklist. The tool is not meant as a one-size-fits-all approach to organizational AI-readiness, but rather intended as a starting point for General Counsel to identify key issues. The proposed use of AI by an organization will vary in the type and degree of impact on the individual or society as a whole; therefore, the tool is intended for use in conjunction with expert-led workshops to develop an AI-governance model that is tailored to the needs of your specific organization.

For the purpose of this checklist, we use AI to mean systems that employ artificial intelligence, including machine learning for artificial intelligence.

Lex Mundi extends its appreciation to the following individuals for their work in helping to create this checklist:

• Dr. Olaf Groth, CEO, Cambrian.ai• Tobias Straube, VP Operations and Analysis, Cambrian.ai• Jeff Bullwinkel, Associate General Counsel and Director of Corporate, External and Legal Affairs,

Microsoft Europe• Stephanie Lynn Sharron, Partner, Morrison & Foerster LLP

About This Checklist

2

Jenny KarlssonHead of North America, Global MarketsLex Mundi jkarlsson@lexmundi.com

Eric StaalVice President, Global MarketsLex Mundi estaal@lexmundi.com

Is your corporate legal department ready for Artificial Intelligence?

Governance

Compliance

Test, Audit, and Evolve

Training

Institution Building5

4

3

2

1

3

1. Governance

Board of Directors

Does the Board of Directors have an explicit mandate (statutory or otherwise) to oversee AI ethics and governance across the organization?

Has the Board of Directors defined AI and data ethics for their organization?

Are there members of the Board of Directors with competence to understand the potential issues that arise with the use of AI across products, services, operations, and relationships with customers, suppliers, employees and other stakeholders?

Does the Board of Directors have training and guidance on how to deal with cyber and data breaches, including a cyber breach preparedness checklist or action plan?

Does the Board of Directors have a protocol for obtaining or getting reporting on the AI and data health of the organization?

Legal and Compliance Function

Are there points of contact in the legal and compliance function with cross-disciplinary expertise who have responsibility for advising the organization on the legal impact of AI use and AI compliance (the AI Legal Committee)?

Is there an internal Governance Committee to oversee the use of AI within the organization, with a direct report to the Board of Directors?

Does the Governance Committee include members of the AI Legal Committee and the Business Unit Leaders?

Governance Committee

4

Are there one or more business leaders within each of the organization’s business units with responsibility for oversight of AI ethics and governance (Business Unit Leaders)?

Are policies in place that ensure ethnic or cultural diversity in AI development teams?

Management and Employees

2. Compliance

Is the Governance Committee involved with the development and implementation of AI corporate policies? In formulating the corporate policies, the Governance Committee should bear in mind the purpose of the policies, namely

• allowing for corporatewide articulation of ethical and legal principles to guide decisions about acceptable use of AI,

• aligning decision-making with articulated principles, • improving legal compliance, • increasing transparency and information sharing across the organization, • instituting algorithm coding, implementation and data hygiene rules, and• ensuring consistency in approach to decision-making and compliance.

Does the AI Legal Committee have a methodology to monitor key legislative and regulatory developments related to AI in relevant jurisdictions (e.g. Horizon Scanning Methodology)?

Does the AI Legal Committee oversee compliance with regulations applicable to the type of data being processed and proposed use of the output of the AI tool in the business (for example, in connection with unlawful bias and discrimination, product liability, data protection, intellectual property and competition)?

3. Test, Audit and Evolve

Where appropriate, does the Business Unit Leaders involve the AI Legal Committee, as well as others with domain expertise in the organization, to:

• understand how data is sourced, cleaned and labelled (if applicable) to ensure the integrity of datasets, • check if machine learning models are tested for fairness, accountability and transparency, and • conduct social impact tests of AI systems to assess potential unintended consequences.

Does the AI Legal Committee have oversight over relationships with AI vendors within the organization, including due diligence on suitability, contracting arrangements, and accountability for errors?

Are AI corporate policies updated to reflect new AI practice on an ongoing basis?

5

4. Training

With respect to the AI Legal Committee, have members received training on the application of law to AI in relevant business units, in order to advise the organization accordingly?

Some areas of law to be covered might include:

• Employment laws for AI tools in HR processes, such as background screening• Anti-discrimination laws for automated processes with respect to employees, suppliers

and consumers• Tort liability for new product development, such as autonomous vehicles• Disclosure laws for bots• Data privacy for workplace / employee monitoring, such as GPS• Professional misconduct for permitting AI bias in the practice of law• Self-identification of automated software agents• Intellectual property law in connection with co-development of new products and data

Is there compulsory training across the organization for personnel, workers and contractors on AI corporate policies?

Are training programs updated on a regular basis to address new legislation / key developments?

Is the Governance Committee involved in implementing training on AI governance and ethics?

5. Institution Building

Does the Governance Committee engage with external stakeholders (such as industry bodies and regulatory authorities) on AI and data ethics?

To what extent does the organization involve non-technical experts – such as anthropologists, sociologists and psychologists – in the design of AI solutions, so as to ensure human-centricity and appropriate human-machine collaboration?

Does the organization involve itself in proactive dialogues with regulators in all of its markets so as to provide critical know-how and shape forthcoming guidelines?” (For instance, see new EU regulations in the making: https://www.lexmundi.com/Document.asp?DocID=12060

Does the organization have a well formulated point-of-view on AI and data regulations in its particular domain, including the need for a discrete AI/data governance body or agency?

6

About Lex Mundi

Lex Mundi is the world’s leading network of independent law firms delivering consistent, high-quality advice that is critical to solving complex cross-border challenges. Our carefully vetted, and continuously reviewed, top-tier member firms uphold the highest-level service standards while offering preferred access to more than 22,000+ lawyers worldwide in more than 125 countries. Supported by client-focused methods, innovative technologies, joint learning and training, member firms collaborate across borders and industries to deliver joined-up solutions focused on real business results for clients.

Through our innovative service delivery model, clients have the ability to assemble an ideal international legal team, with the best lawyers in the jurisdictions that match their unique footprint, flexed to their most significant legal challenges.

Lex Mundi member law firms are located throughout Europe, the Middle East, Africa, Asia and the Pacific, Latin America and the Caribbean and North America. Through our nonprofit affiliate, the Lex Mundi Pro Bono Foundation, our members also provide pro bono legal assistance to social entrepreneurs around the globe.

Through our non-profit affiliate, the Lex Mundi Pro Bono Foundation, members also provide pro bono legal assistance to social entrepreneurs around the globe. For more information, please visit www.lexmundi.com and www.lexmundiprobono.org.

Lex Mundi – the law firms that know your markets.Find out more about Lex Mundi at: www.lexmundi.com